Population viability analyses of Chamaecrista keyensis (Leguminosae: Caesalpinioideae), a narrowly endemic herb of the lower Florida Keys: Effects of seasonal timing of fires and the urban -wildland interface

This research first evaluated the effects of urban wildland interface on reproductive biology of the Big Pine Partridge Pea, Chamaecrista keyensis, an understory herb that is endemic to Big Pine Key, Florida. I found that C. keyensis was self-compatible, but depended on bees for seed set. Furthermore, individuals of C. keyensis in urban habitats suffered higher seed predation and therefore set fewer seeds than forest interior plants. ^ I then focused on the effects of fire at different times of the year, summer (wet) and winter (dry), on the population dynamics and population viability of C. keyensis. I found that C. keyensis population recovered faster after winter burns and early summer burns (May–June) than after late summer burns (July–September) due to better survival and seedling recruitment following former fires. Fire intensity had positive effects on reproduction of C. keyensis. In contrast, no significant fire intensity effects were found on survival, growth, and seedling recruitment. This indicated that better survival and seedling recruitment following winter and early summer burns (compared with late summer burns) were due to the reproductive phenology of the plant in relation to fires rather than differences in fire intensity. Deterministic population modeling showed that time since fire significantly affected the finite population growth rates (λ). Particularly, recently burned plots had the largest λ. In addition, effects of timing of fires on λ were most pronounced the year of burn, but not the subsequent years. The elasticity analyses suggested that maximizing survival is an effective way to minimize the reduction in finite population growth rate the year of burn. Early summer fires or dry-season fires may achieve this objective. Finally, stochastic simulations indicated that the C. keyensis population had lower extinction risk and population decline probability if burned in the winter than in the late summer. A fire frequency of approximately 7 years would create the lowest extinction probability for C. keyensis. A fire management regime including a wide range of burning seasons may be essential for the continued existence of C. keyensis and other endemic species of pine rockland on Big Pine Key. ^

Integrity-based kernel malware detection

Kernel-level malware is one of the most dangerous threats to the security of users on the Internet, so there is an urgent need for its detection. The most popular detection approach is misuse-based detection. However, it cannot catch up with today's advanced malware that increasingly apply polymorphism and obfuscation. In this thesis, we present our integrity-based detection for kernel-level malware, which does not rely on the specific features of malware. ^ We have developed an integrity analysis system that can derive and monitor integrity properties for commodity operating systems kernels. In our system, we focus on two classes of integrity properties: data invariants and integrity of Kernel Queue (KQ) requests. ^ We adopt static analysis for data invariant detection and overcome several technical challenges: field-sensitivity, array-sensitivity, and pointer analysis. We identify data invariants that are critical to system runtime integrity from Linux kernel 2.4.32 and Windows Research Kernel (WRK) with very low false positive rate and very low false negative rate. We then develop an Invariant Monitor to guard these data invariants against real-world malware. In our experiment, we are able to use Invariant Monitor to detect ten real-world Linux rootkits and nine real-world Windows malware and one synthetic Windows malware. ^ We leverage static and dynamic analysis of kernel and device drivers to learn the legitimate KQ requests. Based on the learned KQ requests, we build KQguard to protect KQs. At runtime, KQguard rejects all the unknown KQ requests that cannot be validated. We apply KQguard on WRK and Linux kernel, and extensive experimental evaluation shows that KQguard is efficient (up to 5.6% overhead) and effective (capable of achieving zero false positives against representative benign workloads after appropriate training and very low false negatives against 125 real-world malware and nine synthetic attacks). ^ In our system, Invariant Monitor and KQguard cooperate together to protect data invariants and KQs in the target kernel. By monitoring these integrity properties, we can detect malware by its violation of these integrity properties during execution.^

Optimal kernel development for real-time communications

The purpose of this research is to develop an optimal kernel which would be used in a real-time engineering and communications system. Since the application is a real-time system, relevant real-time issues are studied in conjunction with kernel related issues. The emphasis of the research is the development of a kernel which would not only adhere to the criteria of a real-time environment, namely determinism and performance, but also provide the flexibility and portability associated with non-real-time environments. The essence of the research is to study how the features found in non-real-time systems could be applied to the real-time system in order to generate an optimal kernel which would provide flexibility and architecture independence while maintaining the performance needed by most of the engineering applications. Traditionally, development of real-time kernels has been done using assembly language. By utilizing the powerful constructs of the C language, a real-time kernel was developed which addressed the goals of flexibility and portability while still meeting the real-time criteria. The implementation of the kernel is carried out using the powerful 68010/20/30/40 microprocessor based systems.

Integrity-Based Kernel Malware Detection

Kernel-level malware is one of the most dangerous threats to the security of users on the Internet, so there is an urgent need for its detection. The most popular detection approach is misuse-based detection. However, it cannot catch up with today's advanced malware that increasingly apply polymorphism and obfuscation. In this thesis, we present our integrity-based detection for kernel-level malware, which does not rely on the specific features of malware. We have developed an integrity analysis system that can derive and monitor integrity properties for commodity operating systems kernels. In our system, we focus on two classes of integrity properties: data invariants and integrity of Kernel Queue (KQ) requests. We adopt static analysis for data invariant detection and overcome several technical challenges: field-sensitivity, array-sensitivity, and pointer analysis. We identify data invariants that are critical to system runtime integrity from Linux kernel 2.4.32 and Windows Research Kernel (WRK) with very low false positive rate and very low false negative rate. We then develop an Invariant Monitor to guard these data invariants against real-world malware. In our experiment, we are able to use Invariant Monitor to detect ten real-world Linux rootkits and nine real-world Windows malware and one synthetic Windows malware. We leverage static and dynamic analysis of kernel and device drivers to learn the legitimate KQ requests. Based on the learned KQ requests, we build KQguard to protect KQs. At runtime, KQguard rejects all the unknown KQ requests that cannot be validated. We apply KQguard on WRK and Linux kernel, and extensive experimental evaluation shows that KQguard is efficient (up to 5.6% overhead) and effective (capable of achieving zero false positives against representative benign workloads after appropriate training and very low false negatives against 125 real-world malware and nine synthetic attacks). In our system, Invariant Monitor and KQguard cooperate together to protect data invariants and KQs in the target kernel. By monitoring these integrity properties, we can detect malware by its violation of these integrity properties during execution.